TCP Reset Spoofing
OpenBSD Reality
Random Source Ports
since 1996
attack at T1 speeds now takes 7.5 days (instead of 13 seconds)
We do other things too:
Require RST packets to be right on the edge of the window
since 1999
attack at T1 speeds now infeasible
And of course, OpenBSD supports TCP MD5 auth and IPSec
BGPD will not allow window scaling unless one of these is in use